July 01, 2014

Emergence versus Evolution
Aspects of a design will undoubtedly emerge as it evolves. Differing interpretations of requirements as well as information deficits between the various parties, not to mention changing circumstances all conspire to make it so. However, that does not mean the act of design is wholly emergent. Design connotes activity whereas emergence implies passivity. A passive approach to design is, in my opinion, unlikely to succeed in resolving the conflicts inherent in software development. In my opinion, it is the resolution of those conflicts which allows a system to adapt and evolve.

eBook: Top Continuous Testing Tips and Techniques
Until recently, implementation of truly continuous testing practices for application development has been easier said than done. Today, however, a number of products and services built around service virtualization are being employed on the pre-production side of the application lifecycle in a growing number of enterprises to help developers and testers reduce defects in production, shorten overall software cycles and test-cycle times, and just generally improve code quality. Read this paper to gain a greater understanding of service virtualization and discover tips and tricks for making continuous testing practices a welcome reality.

Can you really do it all in the cloud? No way, say tech chiefs
Paul Collins, director of ICT at the Australian International School Hong Kong, said cloud services should only be used where the applications or services are not regarded as a core or critical function of the business. Security and trust are not the only issues — CIOs should consider reliability and the ability to synchronise data between the local device and the cloud, he said. "There are many places on the planet where internet availability is just not an option," he added. Collins said security flaws such as Heartbleed and high-profile cases of password theft "shows that there is no such thing as an entirely infallible online cloud service... Let's not even start talking about the NSA."

Delivering Minimum Viable Analytics
Executives want to use this data to improve their operations and increase revenue through monetization. With ever-growing data and the ability to rationalize data across data siloes, there are more opportunities than there are resources. Most analytics solutions cannot afford to have elegance as a design goal. This statement might be a bit controversial. Analytics practitioners are professionals, and deliberately arguing for inelegant solutions seems counterintuitive. There are too many analytics efforts that failed when the analytics techniques were too sophisticated for the quality of the data.

New type of CFO represents a potent CIO ally
These CFOs say that they really feel the pain of systems not talking to each other. They understand this meansmaking disparate systems from the frontend to the backend talk to one another. But they, also, believe that making things less manual will drive important consequences including their own ability to inspect books more frequently. Given this, they see data as a competitive advantage. ... Strategic CFOs are also worried about data security. They believe their auditors are going after this with a vengeance. They are really worried about getting hacked. One said, “Target scared a lot of folks and was to many respects a watershed event”. At the same time, Strategic CFOs want to be able to drive synergies across the business. One CFO even extolled the value of a holistic view of customer.

Open source PCI DSS: A strategy for cheaper, easier PCI compliance
Despite its benefits, few have seen open source technology as an enabler for compliance, until now. In a 2014 RSA presentation, security professionals from Urbane Security proposed a PCI DSS compliance model composed of open source technology to help lower costs, increase scalability and improve the manageability of the systems that support PCI compliance. Do open source products have a place in enterprise PCI compliance strategies? In this tip, let's take a look at the open source opportunities for meeting three specific compliance needs: logging, file integrity monitoring and vulnerability scanning.

How to achieve better third-party security: Let us count the ways
The exploding number of online access points to companies means, "our walled fortress of firewalls and the like now has hundreds and thousands of doors. These doors are guarded by sentinels that allow any variable packet (think an employee badge without a picture) to pass through that wall," they wrote, in the paper titled, "Traitors in Our Midst: The risk of employee, contractors and third parties in the age of the Internet of Things and why security in depth remains critical to risk management."

After Crisis, Risk Officers Gain More Clout at Banks
Another big challenge is the slippery nature of risk itself. Before the financial crisis, for example, many lenders believed they had properly weighed the dangers of subprime mortgages—and had set aside a financial cushion of reserves that was big enough to absorb losses on the loans. Those predictions were disastrously wrong. "Our abilities to measure market risk are akin to where medicine was in the 1700s," says Damian Handzy, chairman and chief executive of Investor Analytics, a New York firm that operates risk-control systems. "Everyone is honestly trying to get better at this, but we're still in the laboratory. The old systems do not address systemic risk at all. Traditional banking tools are just not designed for that."

A new approach to reduce dysfunctional behavior at work
With rising demands in today’s workplace, emotional and behavioral disorders have soared. In“Untangling the Mind: Why We Behave the Way We Do,” Ted George, M.D., clinical professor of psychiatry at George Washington School of Medicine and neuroscientist at the National Institutes of Health, helps us understand America’s surge in emotional and behavioral disorders, including those we see in the workplace. Grasping “why” we instinctively react in certain ways is the first step in affecting change.

Inside the Changing Role of the CISO
CISOs face a host of new and emerging challenges, including risks generated by the ubiquity of mobile devices, the global scope of information assets, the difficulty of complying with new regulations and the threat of state-sponsored attacks as well as global cyber criminals. In response to these threats, organizations have elevated the role of CISOs to become a direct report to the chief information officer, chief risk officer or general counsel.

Quote for the day:

"The quality of a man's life is in direct proportion to his commitment to excellence, regardless of chosen field of endeavor." -- V. Lombardi